WHOIS Lookup

Query live WHOIS databases to retrieve ownership, registrar, nameservers, expiry dates, and status codes for domains, IPv4/IPv6 addresses, and Autonomous System Numbers (ASN).

google.com github.com 8.8.8.8 (Google DNS) 1.1.1.1 (Cloudflare) AS15169 (Google) AS13335 (Cloudflare)
Privacy-respecting architecture: Queries are sent to our PHP backend, which performs the WHOIS lookup via direct socket connections to authoritative WHOIS servers (port 43). We do NOT store any query or result.

WHOIS (pronounced "who is") is a query/response protocol used to access databases that store the registration information of internet resources — domain names, IP address blocks, and Autonomous System Numbers (ASNs). Originally standardized in RFC 812 (1982) and later updated by RFC 3912, it remains a cornerstone of internet transparency and cybersecurity.

Protocol basics

Client → TCP port 43 → WHOIS server → plain text response

Example: `whois google.com` on a Linux terminal connects to the appropriate server and returns registration details.

Our PHP implementation: The backend opens a socket to the correct WHOIS server (e.g., whois.verisign-grs.com for .com), sends the query, and streams the response back to you – exactly like the command line.

Historical Context & Evolution

WHOIS was developed in the early 1980s by the ARPANET Network Information Center (NIC) at SRI International. For decades, it provided public access to registrant names, postal addresses, phone numbers, and emails. However, the European Union's General Data Protection Regulation (GDPR) in 2018 forced registrars to redact most personal data. Today, many records show "Redacted for privacy". In response, the internet community developed RDAP (Registration Data Access Protocol) as a modern replacement with standardized JSON output and tiered access, though WHOIS is still widely used.

Why PHP backend? Running WHOIS queries client‑side is impossible due to browser restrictions (cannot open raw TCP port 43). Our server acts as a proxy, performing the query and returning the raw text. This mirrors the traditional `whois` command experience while keeping your interaction private.

What Information Can You Find?

Depending on the resource and registrar, a WHOIS record typically contains:

Category Examples Notes
Domain Domain name, registrar, registry domain ID e.g., "MARKMONITOR, INC."
Key dates Creation, expiration, last updated Critical for renewal and monitoring
Nameservers ns1.google.com, ns2.google.com DNS resolution delegation
Status codes clientTransferProhibited, serverHold ICANN status meanings
Contacts Registrant, admin, tech, abuse Often redacted post‑GDPR
IP/ASN Net range, organisation, country, origin AS From RIRs like ARIN, RIPE, APNIC

Why Use an Interactive WHOIS Lookup with PHP Backend?

  • Cybersecurity investigations: Identify malicious domain owners, track phishing campaigns, or check domain age.
  • Network administration: Determine the owner of an IP address (abuse contacts) or verify BGP route origins.
  • Domain portfolio management: Monitor expiration dates and registrar details for your domains.
  • Competitive research: Discover when a competitor registered a domain or which nameservers they use.
  • Legal & compliance: Collect evidence for trademark disputes or cybercrime reporting.
  • Transparency: Unlike many "free WHOIS" sites that resell data or inject trackers, our PHP backend directly queries the source and returns the unaltered response.

Understanding the Output: Key Fields Explained

Registrar – The ICANN‑accredited company where the domain was registered (e.g., GoDaddy, Namecheap).

Creation/Expiry dates – Usually in UTC (ISO 8601 format). Expiry is critical: domains typically enter a grace period (auto‑renew), then redemption, then become available for re‑registration.

Nameservers – At least two DNS servers that resolve the domain.

Status codesclientTransferProhibited means the domain is locked to prevent unauthorized transfer. serverHold often indicates suspension.

Case Study: Phishing Domain Takedown

A security analyst receives a suspicious email from "paypa1-security.com". Using this WHOIS tool, they discover the domain was registered 2 days ago with a privacy-protected registrant. The registrar is identified as "NAMECHEAP, INC." The analyst immediately sends an abuse report to [email protected] (found in the registrar's WHOIS) and provides the creation date as evidence. Within 24 hours, the domain is suspended. This highlights how WHOIS data aids rapid incident response.

Privacy & GDPR: Why Some Fields Are Hidden

Since May 2018, GDPR mandates that personal data of EU citizens be protected. Registrars now redact registrant names, emails, and phones, replacing them with proxy services or placeholders. To contact a domain owner, you generally must use a web form or send mail to the registrant's proxy email. This tool reflects the same redacted data you would see on a terminal.

Common Misconceptions

  • “WHOIS is always accurate.” No – data can be outdated or intentionally falsified. Use as one data point among many.
  • “You can hide your identity completely.” Many registrars offer privacy protection, but law enforcement and legal processes can still unmask the true owner.
  • “All TLDs use the same WHOIS server.” Wrong. Each TLD (e.g., .com, .org, .io) often has its own authoritative WHOIS server.
  • “WHOIS lookup reveals the exact server location.” It reveals the registrant’s address (often redacted) and nameservers, not the physical server location.
  • “Our tool logs all queries.” False. We only keep temporary server logs for 24 hours to prevent abuse; we do not store query contents.

Built by networking professionals – This tool was developed by the GetZenQuery engineering team, with contributions from former RIPE NCC members and security researchers. The PHP backend uses the same socket logic as the classic `whois`(1) command. We monitor IANA's list of WHOIS servers and update mappings regularly. Last code review: March 2026.

Authoritative sources used: IANA Root Zone Database, Regional Internet Registries (ARIN, RIPE, APNIC, LACNIC, AFRINIC), and registry WHOIS servers directly.

Frequently Asked Questions

Due to GDPR and similar privacy laws, most domain records now redact personal emails. Instead, you'll see a proxy email (e.g., [email protected]) or a form. For IP addresses, abuse contact emails are often still visible.

It varies. After a domain update (e.g., nameserver change), the registry typically updates within minutes. However, some fields like registrant contact may take longer. The "Updated Date" field shows the last modification.

Domain WHOIS is managed by domain registries (like Verisign for .com) and contains domain‑specific data. IP WHOIS is managed by Regional Internet Registries (ARIN, RIPE, APNIC, etc.) and provides information about IP address blocks, including the owning organization and abuse contacts.

An Autonomous System Number (ASN) lookup returns information about the organization that operates that AS, including its BGP routing policies, contact details, and the IP prefixes it announces. It's essential for network operators.

Yes, you can enter domains like `例子.测试`. Our PHP backend converts them to Punycode (`xn--fsq.com`) before querying.

References: RFC 3912 (WHOIS); ICANN WHOIS; ARIN WHOIS Guide; RIPE Database Query.